Professional Documents
Culture Documents
Instructions Forremovingmalware PDF
Instructions Forremovingmalware PDF
Version: v1.01
Author: MELANI / GovCERT.ch
Tested on: Windows 7 Home Premium SP1 Deutsch (64 Bit)
Disclaimer: All logos used in this document are registered trademarks and/or the property of the corresponding
1
holder. These instructions may be further processed in accordance with Creative Commons (CC BY-ND 3.0 ).
1
http://creativecommons.org/licenses/by-nd/3.0/
Introduction
These instructions should help you to identify a malware infection on your computer and
remove it. These instructions were drafted by the Confederation's Reporting and Analysis
Centre for Information Assurance (MELANI) and tested on a computer using Windows 7. In
principle, however, the instructions should work with all versions of Windows (Windows XP 2,
Windows Vista, Windows 8).
You are probably reading this document because your Internet Service Provider (ISP) drew
your attention to an infection on your computer or because you suspect your computer is
infected with malware. These instructions will guide you step by step on how to use Norton
Power Eraser to scan your computer for malware and remove it.
Great care was taken when preparing these instructions. However, it is possible that the
tools described in these instructions are unable to detect all malware. If a computer is
infected, MELANI generally recommends setting up the computer again, i.e. reinstalling
the operating system, in order to eliminate possible remnants of malware. MELANI
assumes no responsibility for the functionality and use of the tools mentioned in these
instructions. MELANI shall not accept any liability for any damage arising from the use of
these instructions or the tools described therein.
If you were the victim of criminal activity and wish to have a criminal investigation
conducted or have the perpetrators prosecuted, we recommend that you make a
complaint at your local cantonal police station. In this case, do not attempt to remove the
malware, as your computer will possibly be needed to secure evidence. We recommend
not using the computer again until then.
2
Microsoft support for Windows XP will end on 8 April 2014. We recommend that users of Windows XP switch
to a current version of Windows.
https://support.microsoft.com/de-de/help/13853/windows-lifecycle-fact-sheet
Instructions
These instructions describe how to remove malware using Norton Power Eraser, which is
provided free of charge by Symantec. Other commercial and free removal tools, or cleaners,
also exist. Such tools are listed at the end of this document.
https://security.symantec.com/nbrt/npe.aspx
Open the above-mentioned URL in your web browser. The Norton Power Eraser website will
then open up:
You can start downloading by clicking on the "Download" button (indicated in red above).
Select "Run" by clicking on the relevant button (indicated in red above). The download
normally takes only a few seconds. As soon as this has finished, Norton Power Eraser will be
launched. In the case of newer versions of Windows, another User Account Control dialogue
usually appears.
Figure 3 – User Account Control: launch Norton Power Eraser by clicking on "Yes"
Respond to the User Account Control dialogue by clicking on "Yes" (indicated in red above).
The software will then be launched.
The End User License Agreement must be accepted before the software can be used:
Figure 4 – The End User License Agreement must be accepted in order to be able to
use the software
After accepting the End User License Agreement, the initial screen for Norton Power Eraser
appears:
Figure 5 - Initial screen: click on "Scan for Risks" to start the scan
Click on "Scan for Risks" (indicated in red above) to scan your computer for malware.
The scan will be performed automatically when the computer is restarted, which is why you
should now restart your computer:
Once your computer has restarted, the software will automatically search for malware on
your computer. A corresponding dialogue appears on the screen during the scan:
Figure 7 – Please wait while the software is scanning your computer for malware
Depending on the computer, the scan can take several minutes. Please do not switch off
your computer during the scan and do not use any other programs.
As soon as the scan has finished, a dialogue will appear on your screen indicating the results
of the scan and possible removal options.
In this case, the process is finished. If you still suspect that your computer is infected,
particularly if your Internet Service Provider (ISP) drew your attention to an infection on your
computer, we recommend that you check the computer with other cleaners (see list at the
end of these instructions) and/or consult an IT specialist.
For each piece of malware detected, you can now specify whether Norton Power Eraser
should remove it (indicated in red above). If you do not know whether a piece of malware
should be removed or not, the standard setting is recommended (usually "Remove"). When
you click on "Fix Now" (indicated in red above), Norton Power Eraser creates a system
restore point and proceeds to remove the malware.
In order for the malware to be completely removed, the computer must now be restarted:
The computer will be restarted once you have clicked on "Restart Now".
After the computer restart, a corresponding dialogue automatically appears on the screen,
showing the results of the scan and the actions carried out (removal):
The detected malware has been removed and Norton Power Eraser can now be closed.
If you continue to experience difficulties with your computer or suspect your computer is still
infected, we recommend that you check the computer with other cleaners (see list at the end
of these instructions) and/or consult an IT specialist.
Malware usually infects computers via vulnerabilities in outdated software and/or careless
user behaviour. To prevent your computer from being attacked by malware once again, we
recommend the following guide:
Further explanations
This document describes how to use Norton Power Eraser. Other software with similar
functionality is available from other providers. A list of antivirus software can be found here:
https://www.melani.admin.ch/melani/en/home/dokumentation/links/security-solutions.html
The German website botfrei.de has a step-by-step guide on how to use another cleaner.
Instructions on how to use the EU-Cleaner can be found at the following link:
https://www.botfrei.de/eucleaner.html